CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45205
https://notcve.org/view.php?id=CVE-2023-45205
10 Oct 2023 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`. • https://cert-portal.siemens.com/productcert/pdf/ssa-035466.pdf • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-42796
https://notcve.org/view.php?id=CVE-2023-42796
10 Oct 2023 — By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role. • https://cert-portal.siemens.com/productcert/pdf/ssa-770890.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30527
https://notcve.org/view.php?id=CVE-2022-30527
10 Oct 2023 — This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. • https://cert-portal.siemens.com/productcert/html/ssa-160243.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-31096
https://notcve.org/view.php?id=CVE-2023-31096
10 Oct 2023 — There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). • https://cschwarz1.github.io/posts/0x04 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43896
https://notcve.org/view.php?id=CVE-2023-43896
10 Oct 2023 — A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code. • http://macrium.com • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45248
https://notcve.org/view.php?id=CVE-2023-45248
09 Oct 2023 — Local privilege escalation due to DLL hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-6052 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5214 – CVE-2023-5214 - Privilege Escalation in Puppet Bolt
https://notcve.org/view.php?id=CVE-2023-5214
06 Oct 2023 — In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. • https://www.puppet.com/security/cve/cve-2023-5214-privilege-escalation-puppet-bolt • CWE-269: Improper Privilege Management •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 1CVE-2023-42755 – Kernel: rsvp: out-of-bounds read in rsvp_classify()
https://notcve.org/view.php?id=CVE-2023-42755
05 Oct 2023 — An attacker can leverage this in conjunction with other vulnerabilties to escalate privileges and execute arbitrary code in the context of the kernel. • https://access.redhat.com/errata/RHSA-2024:2950 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32485
https://notcve.org/view.php?id=CVE-2023-32485
05 Oct 2023 — A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. • https://www.dell.com/support/kbdoc/en-us/000216587/dsa-2023-283-security-update-for-dell-smartfabric-storage-software-vulnerabilities • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-26236
https://notcve.org/view.php?id=CVE-2023-26236
05 Oct 2023 — Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2023-00004 • CWE-269: Improper Privilege Management •